User fraud detection and prevention of access to a distributed network communication system

ABSTRACT

A system and method are disclosed for user fraud protection and prevention of access to a distributed network communication system. A first set of identification data associated with a first network access are stored. A second set of identification data associated with a second network access are stored. The first and second sets of identification data comprise a first computing device identification and a second computing device identification, respectively. If one or more fraud indicators are determined in the two sets of identification data, then the first and/or second network access may be revoked. The fraud indicators may include, e.g., use of the same username with different computing device identifications, use of the same computing device identification at different geographical locations, violation of a threshold for computing device identifications, violation of a threshold for authentication failures, and violation of a threshold for rate of network propagation by a user account.

BACKGROUND OF THE INVENTION

[0001] 1. Field of the Invention

[0002] This invention relates generally to detecting, preventing, and/or thwarting fraud and/or fraudulent use in a network communications system, where the network communications system and its methods comprise enabling a network infrastructure to support multiple network providers and/or customers of multiple network providers.

[0003] 2. Description of the Relevant Art

[0004] Various types of wired and wireless infrastructures are being developed to provide High-speed Internet Access (HSIA) to users of computing devices, such as portable computing devices (PCDs). Currently, numerous providers are attempting to install wired and wireless network infrastructures in various locations, such as airports, hotels, office buildings, etc. for use by various users. Many of these providers also provide subscription services to customers. These subscription services provide the end user with a single bill at the end of the month for all of his or her uses (or, in some cases provide for a pre-paid subscription service). The subscription may be provided by a HSIA network infrastructure provider, or the subscription may be provided by an “aggregator” that does not own or operate any networks, but provides infrastructure for enabling their customers to gain access at sites from one or more HSIA network providers. The party that has the end-user billing relationship is referred to herein as a “subscriber-owner” or “roaming partner.”

[0005] Subscriber-owners often desire to provide services to their customers at a large number of locations, including locations that are not necessarily owned or operated by the subscriber-owner. Providing such subscription services at locations not owned or operated by the subscriber-owner is often referred to as “roaming,” and the subscriber is said to “roam” onto a third party network.

[0006] Roaming technology has been developed in other fields outside of HSIA such as telephone, cellular telephone, and dial-up Internet services. Roaming is a familiar term in cellular telephone networks in situations where a customer of one carrier may arrive in a region where the carrier does not have a physical presence but another provider has equipment. The customer connects to the third-party system and “roams” onto this network. The charges are automatically accumulated by the subscriber-owner and posted on the customer's monthly invoice. In the early days of cellular telephones, roaming was quite awkward. For example, to roam in some areas, a customer would have to dial a local number to inform the local carrier that the customer was in the carrier's region. This awkwardness was due to the fact that no standard mechanism or technology for exchange of credentials or billing information had been adopted. Today roaming in cellular telephone networks is nearly universal between all carriers. More importantly, it is convenient and unobtrusive for the end-users.

[0007] In a situation analogous to the early days of roaming in cellular telephone networks, HSIA providers and subscriber-owners face a challenge of providing roaming services to their customers. At the present point in time, no standard has been adopted for exchange of credentials and billing information. Whereas there is a large amount of technology available for roaming in cellular telephone networks and dial-up ISPs, the mechanism for HSIA connections is quite different than either of these existing systems. HSIA connections are normally controlled via an access control list mechanism with a web-browser. In some cases, client software can also be used to aid in the connection process.

[0008] Roaming technology with regards to HSIA has similar and/or unique issues regarding fraud and/or fraudulent use such as in the telephone, cellular telephone, and dial-up Internet services industries.

[0009] A variety of networks are used to implement roaming technology for HSIA today. Computer networks include local area networks (LANs), metropolitan area networks (MANs), wide area networks (WANs), intranets, the Internet and other types of communications networks. Communication networks include those for conventional telephone service, cellular networks of different varieties, paging services and others. Networks are used for many purposes, including to communicate, to access data, and to execute transactions. For many reasons, including security, it is often necessary to confirm or authenticate the identity of a user before permitting access to data or a transaction to occur on the network. Further, authentication is of paramount importance in HSIA roaming technologies because it may permit the HSIA network provider and the roaming partner to enable one or more subscriber's use of one or more networks.

[0010] One known approach to computer network authentication is the use of user-specific passwords. Passwords provide some level of protection, but they are not fail-safe. One reason passwords are vulnerable is that users may share them. Even if passwords are kept private, someone who wants to obtain a password badly enough may utilize random generators, keyboard monitors, or other techniques since some fraudulent activities focus on fraudulently obtaining subscriptions. Moreover, when dealing with unknown users, such as people who want to conduct an electronic transaction or HSIA roaming authentication over the Internet (or other equivalent communications networks), ad hoc passwords may not be practical.

SUMMARY OF THE INVENTION

[0011] One embodiment of the present invention comprises a system and method for user fraud protection and prevention of access to a distributed network communication system. The network system may include a plurality of access points coupled to a network. The network access points include wireless access points and may also include wired access points. Access points (APs) for the network may be widely distributed in various facilities, such as airports, hotels, mass-transit stations, and various businesses, such as business offices, restaurants, and stores, e.g., coffee shops or restaurants at an airport. The network may couple to a wide area network, such as the Internet. A plurality of network providers may provide network services, such as Internet access, over the network infrastructure.

[0012] In one embodiment, a user, also referred to as a subscriber, may access the network system through a portable computing device (PCD) using, for example, a wireless (or wired) network interface card. When in sufficiently close range to an access point, the PCD may wirelessly access the network system, or the PCD may be directly connected to a wired connection. Each PCD may store identification information which may uniquely indicate at least one network provider of a plurality of possible network providers. The identification information thus may designate the network provider (or providers) to which the user of the PCD is a subscriber. The identification information may take various forms, such as a System ID (SID), MAC ID, or other identification which may be used to identify the network provider to which the user has subscribed. When the PCD becomes close to an access point, the PCD may provide the identification information to the access point.

[0013] The system and method for fraud detection may include storing a first set of identification data associated with a first network access and a second set of identification data associated with a second network access. The first and second sets of identification data comprise a first computing device identification and a second computing device identification, respectively. If one or more fraud indicators are determined in the two sets of identification data, then the first and/or second network access may be revoked. The fraud indicators may include, for example, use of the same username with different computing device identifications, use of the same computing device identification at different geographical locations, violation of a threshold for computing device identifications, violation of a threshold for authentication failures, violation of a threshold for rate of network propagation by a user, and usage of particular RF channels during wireless network access.
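The fraud indicators listed above, evaluated over a stream of stored access records rather than only two, as an added example that is not part of the original disclosure. The record fields, indicator names, comparison window and threshold values are assumptions, since the disclosure names the thresholds without giving numbers; the sample records are constructed.

```python
from collections import defaultdict
from dataclasses import dataclass

# Assumed policy values; the disclosure names these thresholds without numbers.
WINDOW = 3600          # seconds within which accesses are compared
MAX_DEVICES = 2        # distinct device IDs allowed per username in WINDOW
MAX_AUTH_FAILURES = 3  # failed logins allowed per username in WINDOW


@dataclass(frozen=True)
class Access:
    """One stored set of identification data for a network access."""
    ts: int          # seconds from the start of the sample
    username: str
    device_id: str   # computing device identification, e.g. a MAC ID
    location: str    # site of the access point that served the access
    auth_ok: bool    # False records an authentication failure


def fraud_indicators(records):
    """Return a sorted list of (indicator, subject) pairs found in records."""
    findings = set()
    by_user = defaultdict(list)    # username -> earlier accesses (any result)
    by_device = defaultdict(list)  # device_id -> earlier successful accesses
    for r in sorted(records, key=lambda a: a.ts):
        recent = [p for p in by_user[r.username] if r.ts - p.ts <= WINDOW]
        if r.auth_ok:
            devices = {p.device_id for p in recent if p.auth_ok} | {r.device_id}
            if len(devices) > 1:
                # Same username presented with different device IDs.
                findings.add(("same_user_different_device", r.username))
            if len(devices) > MAX_DEVICES:
                # Threshold for computing device identifications exceeded.
                findings.add(("device_id_threshold", r.username))
            places = {p.location for p in by_device[r.device_id]
                      if r.ts - p.ts <= WINDOW} | {r.location}
            if len(places) > 1:
                # Same device ID seen at different geographical locations.
                findings.add(("same_device_different_location", r.device_id))
            by_device[r.device_id].append(r)
        else:
            failures = 1 + sum(1 for p in recent if not p.auth_ok)
            if failures > MAX_AUTH_FAILURES:
                findings.add(("auth_failure_threshold", r.username))
        by_user[r.username].append(r)
    return sorted(findings)


def revoke_targets(records, findings):
    """Successful accesses tied to a flagged username or device ID."""
    devices = {s for kind, s in findings
               if kind == "same_device_different_location"}
    users = {s for kind, s in findings
             if kind != "same_device_different_location"}
    return [r for r in records
            if r.auth_ok and (r.username in users or r.device_id in devices)]


# Constructed sample records (locally administered MAC addresses).
SAMPLE = [
    Access(0, "alice", "02:00:00:00:00:a1", "airport", True),
    Access(600, "alice", "02:00:00:00:00:a2", "hotel", True),
    Access(100, "bob", "02:00:00:00:00:b1", "airport", True),
    Access(900, "bob", "02:00:00:00:00:b1", "hotel", True),
    Access(1000, "dave", "02:00:00:00:00:d1", "cafe", False),
    Access(1010, "dave", "02:00:00:00:00:d1", "cafe", False),
    Access(1020, "dave", "02:00:00:00:00:d1", "cafe", False),
    Access(1030, "dave", "02:00:00:00:00:d1", "cafe", False),
    Access(2000, "erin", "02:00:00:00:00:e1", "cafe", True),
    Access(2100, "erin", "02:00:00:00:00:e2", "cafe", True),
    Access(2200, "erin", "02:00:00:00:00:e3", "cafe", True),
    Access(3000, "frank", "02:00:00:00:00:f1", "cafe", True),
]

if __name__ == "__main__":
    found = fraud_indicators(SAMPLE)
    for kind, subject in found:
        print(f"{kind}: {subject}")
    print("accesses to revoke:", len(revoke_targets(SAMPLE, found)))
```

A deployment would tune the window and thresholds per provider, since a subscriber who legitimately owns several devices trips the first indicator.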

BRIEF DESCRIPTION OF THE DRAWINGS

[0014] Other objects and advantages of the invention will become apparent upon reading the following detailed description and upon reference to the accompanying drawings in which:

[0015] FIG. 1 is a block diagram of one embodiment of a network communication system according to one embodiment;

[0016] FIG. 2 is a more detailed block diagram of one embodiment of the network communication network system of FIG. 1 according to one embodiment;

[0017] FIG. 3 is a block diagram of another embodiment of the network communication system of FIG. 1 according to one embodiment;

[0018] FIG. 4 is a block diagram of a network communication system according to a preferred embodiment;

[0019] FIG. 5 is a flowchart diagram illustrating operation of allowing access to a network communication system using a roaming model according to one embodiment;

[0020] FIG. 6 is a flowchart diagram illustrating a storage of PCD ID and its associated information according to one embodiment;

[0021] FIG. 7 is a flowchart diagram illustrating a storage of PCD ID and its associated information and a disconnect of a first user session according to one embodiment;

[0022] FIG. 8 is a block diagram of a network system including a network provider and a roaming partner according to one embodiment;

[0023] FIG. 9 is a flowchart diagram illustrating a disconnect of a first user session according to one embodiment;

[0024] FIG. 10 is a flowchart diagram illustrating a disconnect of a first user session according to one embodiment;

[0025] FIG. 11 is a flowchart diagram illustrating a disconnect of a first user session with a means of a fraud detection algorithm according to one embodiment; and

[0026] FIG. 12 is a flowchart diagram illustrating a disconnect of a first user session with a means of a fraud detection algorithm according to one embodiment.

[0027] While the invention is susceptible to various modifications and alternative forms, specific embodiments thereof are shown by way of example in the drawings and will herein be described in detail. It should be understood, however, that the drawings and detailed description thereto are not intended to limit the invention to the particular form disclosed, but on the contrary, the intention is to cover all modifications, equivalents and alternatives falling within the spirit and scope of the present invention as defined by the appended claims.

DETAILED DESCRIPTION OF THE EMBODIMENTS

[0028] Incorporation by Reference

[0029] U.S. Pat. No. 5,835,061, titled “Method and Apparatus for Geographic-Based Communications Service”, whose inventor is Brett B. Stewart, is hereby incorporated by reference in its entirety as though fully and completely set forth herein.

[0030] U.S. Pat. No. 5,969,678, titled “System for Hybrid Wired and Wireless Geographic-Based Communications Service”, whose inventor is Brett B. Stewart, is hereby incorporated by reference in its entirety as though fully and completely set forth herein.

[0031] U.S. patent application Ser. No. 09/433,817 titled “Geographic Based Communications Service” and filed on Nov. 3, 1999, whose inventors are Brett B. Stewart and James Thompson, is hereby incorporated by reference in its entirety as though fully and completely set forth herein.

[0032] U.S. patent application Ser. No. 09/433,818 titled “A Network Communications Service with an Improved Subscriber Model Using Digital Certificates” and filed on Nov. 3, 1999, whose inventors are Brett B. Stewart and James Thompson, is hereby incorporated by reference in its entirety as though fully and completely set forth herein.

[0033] U.S. patent application Ser. No. 09/551,309 titled “System and Method for Managing User Demographic Information Using Digital Certificates” and filed on Apr. 18, 2000, whose inventors are Brett B. Stewart and James Thompson, is hereby incorporated by reference in its entirety as though fully and completely set forth herein.

[0034] U.S. patent application Ser. No. 09/767,374 titled “Distributed network communication system which allows multiple wireless service providers to share a common network infrastructure” and filed on Jan. 22, 2001, whose inventors are James Thompson, Kathleen E. McClelland, and Brett B Stewart, is hereby incorporated by reference in its entirety as though fully and completely set forth herein.

[0035] U.S. Provisional Patent Application Serial No. 60/383,827 titled “Roaming” and filed on May 29, 2002, whose inventors are James D. Keeler and Matthew M. Krenzer, is hereby incorporated by reference in its entirety as though fully and completely set forth herein.

[0036] U.S. patent application Ser. No. 10/341,761 titled “AUTHORIZATION AND AUTHENTICATION OF USER ACCESS TO A DISTRIBUTED NETWORK COMMUNICATION SYSTEM WITH ROAMING FEATURES” and filed on Jan. 14, 2003, whose inventors are James D. Keeler and Matthew M. Krenzer, is hereby incorporated by reference in its entirety as though fully and completely set forth herein.

[0037] U.S. patent application Ser. No. 10/387,337 titled “SYSTEM AND METHOD FOR USER ACCESS TO A DISTRIBUTED NETWORK COMMUNICATION SYSTEM USING PERSISTENT IDENTIFICATION OF SUBSCRIBERS” and filed on Mar. 11, 2003, whose inventors are James D. Keeler, Ian M. Fink, and Matthew M. Krenzer, is hereby incorporated by reference in its entirety as though fully and completely set forth herein.

[0038] FIG. 1—Network Communication System

[0039] FIG. 1 shows one embodiment of a distributed network communication system (NCS) 100. The NCS 100 may include one or more access points (APs) 120, preferably a plurality of APs 120. At least a subset of the APs 120 are wireless access points (APs) 120 which communicate with a portable computing device (PCD) 110 in a wireless fashion. Each wireless access point 120 may have a wireless connection or transceiver (e.g., an antenna) and may operate according to various wireless standards, such as wireless Ethernet (IEEE 802.11). One or more of the APs 120 may also be wired access points which communicate with a PCD 110 in a wired fashion.

[0040] Each access point (AP) 120 may be coupled to a network 130. The network 130 may comprise a wired network, a wireless network or a combination of wired and wireless networks. For example, the network 130 may be a standard “wired” Ethernet network which connects each of the wireless (and wired) APs 120 together. The network 130 may also be a wireless network based on IEEE 802.11, IEEE 802.15, IEEE 802.16, etc. The network 130 may form part of the Internet, or may couple to other networks, e.g., other local or wide area networks, such as the Internet.

[0041] The network 130 may also include or be coupled to other types of communications networks, (e.g., other than the Internet) such as the public switched telephone network (PSTN), whereby a user using PCD 110 may send and receive information from/to the PSTN or other communication network through a network provider. The network 130 may also include, or be coupled to, another wide area network 130, such as a proprietary WAN. The network 130 thus may be, or be coupled to, any of various wide area networks (WANs) or local area networks (LANs), including the Internet 165.

[0042] The APs 120 may be widely distributed in various facilities, such as airports, hotels, mass-transit stations, shopping malls, restaurants and other businesses, such as business offices, law firm offices, retail stores, etc. For example, where the APs 120 are distributed in an airport, one or more APs 120 may be distributed throughout various terminals in the airport, in an airline club, and in coffee shops, restaurants or rental car counters at the respective airport. The APs 120 may thus be primarily designed to service mobile users, wherein it may not be known ahead of time which mobile users will be accessing the network from which locations. Thus, the NCS 100 is preferably a distributed network system, with access points placed in locations to service mobile users. This differs from a conventional fixed local area network (LAN), where it is generally pre-configured as to which pre-determined users will be using which nodes in the fixed LAN on a day-to-day basis, and the relative access levels that these pre-determined users have is also pre-configured.

[0043] Each AP 120 may comprise information used to identify or select a network provider for a particular user, as well as related access information to enable the network provider to provide access. When in sufficiently close range to an AP 120, or when the PCD 110 is directly coupled to an access point 120 in a wired fashion, the PCD 110 may access the network utilizing a particular network provider, as discussed further below.

[0044] A user operating a PCD 110 may communicate with one of the APs 120 to gain access to network services, such as Internet access. The PCD 110 may have a wireless communication device, e.g., a wireless Ethernet card, for communicating with a wireless AP 120. The PCD 110 may instead have a wired communication device, e.g., an Ethernet card, for communicating with a wired AP 120.

[0045] The PCD 110 may be any of various types of devices, including a computer system, such as a portable computer, a personal digital assistant (PDA), an Internet appliance, a communications device, or other wired or wireless device. The PCD may include various wireless or wired communication devices, such as a wireless Ethernet card, paging logic, RF communication logic, a wired Ethernet card, a modem, a DSL device, an ISDN device, an ATM device, a parallel or serial port bus interface, or other type of communication device.

[0046] The PCD 110 preferably includes a memory medium which stores identification information indicating a network provider to which the user has subscribed. The indicated network provider may be one of a plurality of possible network providers that provide Internet access or other network services in a network system such as that shown in FIG. 1. The identification information may be a System ID (an IEEE 802.11 System ID), a Media Access Control (MAC) ID of a wireless Ethernet device comprised in the PCD 110, the name of the network provider, or other type of information that uniquely identifies one (or more) network providers. The identification information may be contained in a digital certificate or cookie, which may be stored in a web browser or in a memory medium of the PCD 110.

[0047] The PCD may be identified by one or more means of a PCD ID. A means of a PCD ID may comprise internal or external components such as peripherals of a PCD. These internal or external components providing a means of a PCD ID may comprise: a MAC ID, CPU ID, an internet protocol (IP) address, a subscriber identification module (SIM), a smart card, an electronic serial number (ESN), mobile information number (MIN), and mobile directory number (MDN). A means of a PCD ID may also comprise information stored in a memory medium of the PCD ID. This information may comprise: a cookie ID, a certificate ID, a biometric scan such as a retina scan, finger print, etc., or a string of characters. Combinations of these means may also serve as a means of a PCD ID.

[0048] Where the AP 120 is a wireless AP 120, the wireless communication may be accomplished in a number of ways. In one embodiment, PCD 110 and wireless AP 120 are both equipped with an appropriate transmitter and receiver compatible in power and frequency range (e.g., 2.4 GHz) to establish a wireless communication link. Wireless communication may also be accomplished through cellular, digital, or infrared communication technologies, among others. To provide user identification and/or ensure security, the PCD 110 may use any of various security mechanisms.

[0049] Where the AP 120 is a wired AP 120, the wired connection may be accomplished through a variety of different ports, connectors, and transmission mediums. For example, the PCD 110 may be connected through an Ethernet, USB, FireWire (IEEE 1394), serial, or parallel transmission cables, among others. The PCD 110 may also include various communication devices for connecting to the AP 120, such as wired Ethernet cards, modems, DSL adapters, ATM adapters, ISDN devices, or other communication devices. For example, a hotel may have Ethernet connections in the restaurants, shops, and guest rooms. An airline club, e.g., an airport Admiral's Club, may also have both wireless and wired connections for mobile users. A user may connect to a wired AP 120 through the use of a laptop computer (PCD 110), an Ethernet network card, and a network cable. This connection may have the same impact as a connection made to a wireless AP 120 as discussed above. In other words, a user using a wired PCD 110 is able to “roam” on various network infrastructures in the same manner as a user using a wireless PCD 110.

[0050] One or more network providers may each have an associated network device 160 coupled to the network 130. For example, FIG. 1 illustrates network devices 160 associated with three different network providers. The network devices 160 may take any of various forms, such as a computer system, router, bridge, etc. It is noted that network providers may provide network services at a location without being required to locate any equipment or bandwidth at a network location. For example, a network provider may combine virtual local area networks (VLANs) and IP tunneling to avoid having to locate any equipment or bandwidth at a particular network location.

[0051] A user operating a PCD 110 will typically have previously subscribed with one (or more) network providers. Examples of network providers include Wayport®, T-Mobile, and Softnet, among others. As discussed further below, when the PCD 110 of a user communicates with or through an AP 120, the respective network provider to which the user is subscribed is determined. If no previous affiliation with a network provider is detected, a default network provider may be selected. After the network provider is determined or selected, network access or services may be provided through that network provider. For example, data or packets from the respective PCD 110 may be routed to a destination designated by the respective network provider, such as the respective provider's network device 160. This effectively allows a plurality of network providers to each offer access on a common network infrastructure. This also allows subscribers of various network providers to “roam” on other networks, such as networks installed and/or maintained by other providers, or networks maintained by independent third parties.

[0052] The NCS 100 may also include a management information base (MIB) 150. The MIB 150 may be a mechanism, such as a memory, which may allow the persistent storage and management of information needed by network 130 to operate. For example, in one embodiment of the invention, the MIB 150 may store a data structure, such as a table comprising a list of identification information and a corresponding list of the plurality of possible network providers. The data structure may also store access information, which may comprise associated methods for providing data to the respective plurality of possible network providers. The access information may further comprise access level or privilege level information. Thus, the data structure may comprise a table having a plurality of tuples, with each tuple having the identification information, e.g., a System ID (SID), PCD ID, the corresponding network provider, and access information containing a method of access to the provider, possibly including a destination IP address or other methodology for accessing the provider's site. In an alternate embodiment, as noted above, the data structures which store this information may be comprised in each of the APs 120, or may be provided in various other locations.

[0053] As discussed further below, when a PCD 110 of a user begins communication with an AP 120, the network provider for the PCD 110 may be determined using this data structure. The memory medium containing the data structure may be accessed, and received network provider identification information from the respective PCD 110 may be used to index into the data structure or table to determine the network provider. The appropriate access method may also be accessed and used for enabling the network provider to provide network services, e.g., the access method may be used for providing the data from the respective PCD 110 to the determined network provider. Access level information may also be retrieved and used to determine a user's access to local network resources or Internet access.

[0054] The MIB 150 may store other information, such as a directory of all the elements (e.g., APs, PCDs, etc) in the network, the topology of the network, characteristics of individual network elements, characteristics of connection links, performance and trend statistics, and any information which is of interest in the operation of the network 130. For example, the MIB may store the precise longitude, latitude, altitude and other geographic information pinpointing the location of each access point.

[0055] One or more service providers 140 may also be coupled to the network 130 or other networks to which the network 130 is coupled, such as the Internet 165. As used herein, the term “service provider” is intended to include various types of service and information providers which may be connected to the network 130. The service provider 140 may take any of various forms and may provide any of various services or information. Each service provider 140 may include one or more computers or computer systems configured to provide goods, information, and/or services as appropriate for the service provider. The one or more service providers 140 may couple to the network in a wired or wireless fashion.

[0056] The NCS 100 may be geographic-based. In other words, the NCS 100 may provide information and/or services to the user based at least partly on the known geographic location of the user, e.g., as indicated by the APs 120 or as indicated by geographic information (e.g., GPS information) provided from the PCD 110. In one embodiment, the APs 120 are arranged at known geographic locations and may provide geographic location information regarding the geographic location of the user or the PCD 110. In another embodiment, the PCD 110 may provide geographic location information of the PCD 110 through the AP 120 to the network 130. For example, the PCD 110 may include GPS (Global Positioning System) equipment to enable the PCD 110 to provide its geographic location through the AP 120 to the network 130, such as to a service provider 140 coupled to the network 130.

[0057] Memory Medium and Carrier Medium

[0058] One or more of the systems described above, such as PCD 110, APs 120, MIB 150, and network providers 160 may include a memory medium on which computer programs or data may be stored. For example, each of the APs 120 and/or the MIB 150 may store a data structure as described above comprising information regarding identification information, corresponding network providers 160 and access information such as associated data routing methods. Each of the APs 120 and/or the MIB 150 may further store a software program for accessing these data structures and using the information therein to properly provide or route data between users (subscribers) and their corresponding network providers, or to selectively provide or route data depending on the access information.

[0059] The term “memory medium” is intended to include various types of memory or storage, including an installation medium, e.g., a CD-ROM, or floppy disks, a random access memory or computer system memory such as DRAM, SRAM, EDO RAM, Rambus RAM, NVRAM, EPROM, EEPROM, flash memory etc., or a non-volatile memory such as a magnetic media, e.g., a hard drive, or optical storage. The memory medium may comprise other types of memory as well, or combinations thereof. In addition, the memory medium may be located in a first computer in which the programs are executed, or may be located in a second different computer which connects to the first computer over a network. In the latter instance, the second computer provides the program instructions to the first computer for execution. The memory medium may also be a distributed memory medium, e.g., for security reasons, where a portion of the data is stored on one memory medium and the remaining portion of the data may be stored on a different memory medium. Also, the memory medium may be one of the networks to which the current network is coupled, e.g., a SAN (Storage Area Network).

[0060] Also, each of the systems described above may take various forms, including a personal computer system, mainframe computer system, workstation, network appliance, Internet appliance, personal digital assistant (PDA), television system or other device. In general, the term “computer system” can be broadly defined to encompass any device having a processor which executes instructions from a memory medium.

[0061] The memory medium in one or more of the above systems thus may store a software program or data for performing or enabling roaming and fraud-related services or selective network resource access within a NCS 100 or a NCS 102. A CPU or processing unit in one or more of the above systems executing code and data from a memory medium comprises a means for executing the software program according to the methods or flowcharts described below.

[0062] Various embodiments further include receiving or storing instructions and/or data implemented in accordance with the present description upon a carrier medium. Suitable carrier media include memory media as described above, as well as signals such as electrical, electromagnetic, optic, or other forms of analog or digital signals, conveyed via a communication medium such as networks and/or a wireless link.

[0063] Authentication, Authorization, and Accounting

[0064] As used herein, “AAA” is an abbreviation for authentication, authorization, and accounting. In one embodiment, AAA provides a system to control what computer resources users have access to and to keep track of the activity of users over a network (e.g., in IP-based networking). Authentication is the process of identifying an individual, and may be based on a username and password combination, an X.509 certificate, or another means of a unique set of credentials. Authentication is based on the idea that each individual user will have unique information that sets him or her apart from other users. Authorization is the process of granting or denying a user access to network resources. Authorization may commence once the user has been authenticated through a means of a submission of valid credentials. The amount of information and the amount of services the user has access to depend on the user's authorization level. Accounting is the process of keeping track of a user's activity while accessing the network resources. Network resources may comprise the amount of time spent in the network, the services accessed while there, and the amount of data transferred during the session. Accounting data may be used for trend analysis, capacity planning, billing, auditing, and cost allocation.

[0065] AAA services often require a server that is dedicated toproviding the three services. RADIUS (Remote Authentication Dial-In UserService) is an example of an AAA service used by many Internet ServiceProviders (ISPs). When a user connects to the ISP, the user's usernameand password may be passed to a RADIUS server or to an AAA interfaceserver 169. The RADIUS server may then check that the information iscorrect and authorize access to the ISP's system. The RADIUSspecification is maintained by a working group of the IETF (InternetEngineering Task Force), the main standards organization for theInternet. Other protocols for providing an AAA framework includeDIAMETER (an extension and improvement of RADIUS, where the name is aplay on words implying that the new is, at least, twice as good as theold), EAP (Extensible Authentication Protocol), TACACS (Terminal AccessController Access Control System), TACACS+, and XTACAS. These are alsointended for applications such as network access or IP mobility and areintended to work in both local AAA and roaming situations.

[0066] In one embodiment, the roaming system and method may provide atleast two different methods for AAA of roaming users: one method for usewith a browser, and one for use with client software. Both methods mayuse a standard RADIUS login with a RADIUS-qualified username andpassword.

[0067] FIG. 2

[0068] FIG. 2 is a more detailed block diagram illustrating a portion of the wireless network system of FIG. 1. FIG. 2 illustrates an embodiment having three APs 120 which each couple through a respective virtual local area network (VLAN), labeled VLAN1, VLAN2 and VLAN3. Each of VLAN1, VLAN2 and VLAN3 in turn couple to respective routers 160, labeled router A, router B and router C, which are provided by the respective network providers A, B and C respectively. These routers in turn couple to the Internet. As shown, one or more access controllers, e.g., computer systems configured to determine or control network service access, may be provided for each of the network providers. The access controllers operate to verify user or subscriber access to the respective provider's network. FIG. 2 illustrates access controller A, access controller B and access controller C. As shown, access controllers A and B are coupled to router A and router B respectively. However, the access controller may be located outside of the local network 130, e.g., may be comprised on any of various locations on the Internet, as shown with respect to access controller C.

[0069] In this embodiment, the data structure may store an identification information/VLAN tag mapping, e.g., an SID/VLAN tag mapping, which operates to map the user to the appropriate VLAN of the user's network provider.

[0070] As shown, each of VLAN1, VLAN2 and VLAN3 may be supported in one or more Ethernet switches which support tagged VLANs (IEEE 802.1q). In addition, the switch may also support IEEE 802.1p, which provides various quality of service (QoS) metrics. This enables the switches to enforce certain predefined quality of service metrics to any given port or virtual port contained within the network. As shown in FIG. 3, it is also noted that a router may be present on more than one VLAN. As shown, FIG. 3 includes an 802.1q switch which couples to three access points referred to as access point 1 (AP1), access point 2 (AP2), and access point 3 (AP3). As shown, a router labeled router C may be coupled to two or more VLANs.

[0071] Using VLANs, each AP 120 preferably has the ability to transmit/receive on one or more VLAN IPs to one or more service providers. This permits, but does not require, that each network provider use its own network numbering plan. At most, each network provider may have an access controller and a router at each coverage location. As shown in FIG. 3, the access controller is not required to be physically located at the coverage location, but rather may be located anywhere.

[0072] FIG. 4

[0073] In one embodiment, a user may access internet services via a network provider 162 with whom the user has no prior relationship. As discussed above, the PCD 110 of the user is allowed to obtain network access through his or her previously chosen network provider, i.e., through the network provider to which the user has previously subscribed. Users may be permitted to roam on various network infrastructures from multiple network providers. In other words, a user who is a subscriber of network provider A (the roaming partner 170) may roam on a network infrastructure operated and maintained by network provider B (the network provider 162). Alternatively, certain portions of the network infrastructure may be built and maintained by a third party who is not a network provider, and subscribers of each of the various network providers (roaming partners 170) may be able to roam onto this network.

[0074] As illustrated in FIG. 4, the user premises (e.g., a hotel or airport) may be configured with a NCS 102 comprising one or more wireless APs 120 and/or wired APs 120. These APs may be coupled to a network 135. The network 135 may comprise a wired network, a wireless network or a combination of wired and wireless networks. For example, the network 135 may be a standard “wired” Ethernet network which connects each of the wireless APs 120 and wired APs 120 together. The network 135 may also be a wireless network based on IEEE 802.11.

[0075] The network 135 may be coupled to other types of communications networks (e.g., other than the Internet), such as a PSTN, whereby a user using PCD 110 may send and receive information from/to the PSTN or other communication networks. The network 135 may also be coupled to a wide area network (WAN) 107, such as a proprietary WAN. The network 135 thus may be, or be coupled to, any of various WANs 107, LANs, corporate networks 101, including the Internet 165. The network 135 may be coupled to a network management device (NMD) 126 where NMD 126 may serve as a means for authentication and access control from a network 135 or an AP 120 to the various WANs 107, LANs, corporate networks 101, including the Internet 165.

[0076] The NMD 126 may comprise the functionality of a router and/or a web-server that provides access to the Internet 165 and monitoring of client usage. The NMD 126 may also comprise an access control list (ACL). The ACL may serve as an access control means and may comprise a firewall and/or other security measures. The ACL may comprise a set of data that informs the operating system which permissions, or access rights, each user or group has to a specific system object, such as a directory or file. Each object has a unique security attribute that identifies which users have access to it, and the ACL is a list of each object and user access privileges such as read, write or execute.

[0077] For wireless access, the APs may broadcast a network name (e.g., a Service Set Identifier or SSID) identifying a wireless network from a network provider. If a wireless NIC in a PCD is set to accept an SSID of “Any,” then the NIC may associate the PCD with a proximate wireless AP. If, on the other hand, the wireless NIC is set to associate only with fixed SSIDs, then the SSID must be set to the particular SSID for the network provider before proceeding. Depending upon the software of the PCD, this SSID configuration process may be manual or substantially automatic (e.g., allowing the user to select SSIDs from a list).

[0078] The NCS 102 may also include a MIB 150. The MIB 150 may be a mechanism, such as a memory, which may allow the persistent storage and management of information needed by network 135 to operate. For example, in one embodiment of the invention, the MIB 150 may store a data structure, such as a table comprising a list of identification information and a corresponding list of the plurality of possible networks and services. The data structure may also store access information, which may comprise associated methods for providing data to the respective plurality of possible networks and services. The access information may further comprise access level or privilege level information. Thus, the data structure may comprise a table having a plurality of tuples, with each tuple having the identification information. In an alternate embodiment, as noted above, the data structures which store this information may be comprised in each of the APs 120, or may be provided in various other locations.

[0079] The MIB 150 may store other information, such as a directory of all the elements (e.g., access points, portable computing devices, etc.) in the network, the topology of the network, characteristics of individual network elements, characteristics of connection links, performance and trend statistics, and any information which is of interest in the operation of the network 135. For example, the MIB may store the precise longitude, latitude, altitude and other geographic information pinpointing the location of each access point.

[0080] The NCS 102 may be geographic-based. In other words, the NCS 102 may provide information and/or services to the user based at least partly on the known geographic location of a PCD 110, e.g., as indicated by the APs 120 or as indicated by geographic information (e.g., GPS information) provided from the PCD 110. In one embodiment, the APs 120 are arranged at known geographic locations and may provide geographic location information regarding the geographic location of the user or the PCD 110. In another embodiment, the PCD 110 may provide geographic location information of the PCD 110 through the AP 120 to the network 135. For example, the PCD 110 may include GPS (Global Positioning System) equipment to enable the PCD 110 to provide its geographic location through the AP 120 to the network 135.

[0081] FIGS. 5 through 8

[0082] FIG. 5 is a flowchart diagram illustrating a method for providing roaming access using software (client software) executed on a PCD and storing or transmitting information associated with the user's PCD according to one embodiment. This software may be embodied as a web browser, or it may be embodied by, or comprised within, custom client software for interacting with a roaming system. In 302, the client computer (e.g., a PCD coupled to an AP) may connect to the network as disclosed herein (e.g., through an access point). The network provider may provide an ACL to screen unwanted traffic and attacks from outside the network. In one embodiment, the outbound ACLs to the internet are initially “closed.” In 304, a user may use the software on the PCD to send an access request to the network provider who operates the APs and local network. In one embodiment, the software may perform an HTTP “GET” to a web server or AAA interface server 169, not on the subnet to which the PCD belongs, to initiate the access sequence. In another embodiment, the software may perform an HTTP “GET” to a web server, on the subnet to which the PCD belongs, to initiate the access sequence. This web server may have the address of the default gateway or default router of the subnet to which the PCD belongs.

[0083] According to a preferred embodiment, when the PCD is not currently authorized for access, a NMD operated by the network provider may return an activation response message to the software in 306. The activation response message may include information that is usable to access the internet (e.g., a router address, an AAA interface server 169 address, or another network address). The activation response message may be returned to the software as an HTTP redirect message to the router's “Terms and Conditions” web page.

[0084] In 308, the software may then send the user's username and password to the network provider (e.g., at the router address indicated by the activation response message). The software may originate an HTTP POST operation to the above-described web server at the IP address implied by the logon URL at TCP port 443 utilizing an HTTPS (secure HTTP) connection over TCP. The POST parameters may be constructed by appending the arguments “username” and “password” to the {Query parameters} returned in the activation response HTML message. The contents of the username and password fields may be encoded as “text/plain,” and the username may include the full NAI (Network Access Identifier) including appropriate roaming-partner prefixes.

[0085] In 310, the network provider may then send the username and password to a roaming partner for authentication/authorization. The roaming partner is another network provider with whom the user subscribes for internet access. In one embodiment, an industry-standard AAA mechanism, such as RADIUS, may be used for authentication/authorization. When a valid login attempt is received from the client software, and the RADIUS username begins with a roaming-partner prefix of the form “ROAMING_PARTNER/”, the network provider 162 may send a valid RADIUS authorization request (i.e., an Access-Request) to the AAA server 168b of the roaming partner 170 using standard RADIUS proxy procedures.

[0086] In 312, the roaming partner may determine whether the user account is authenticated (e.g., using the user's RADIUS-compliant username and password) and send an appropriate authentication response back to the network provider. In one embodiment, the roaming partner 170 may attempt to deliver the authentication request to the appropriate authentication authority. The roaming partner 170 may then return the response (typically Access-Accept or Access-Reject) returned by the authentication authority. In one embodiment, the roaming partner 170 will not return vendor-specific RADIUS attributes sent by the authentication authority. If no response is received from the authentication authority, the roaming partner 170 may return an Access-Reject response to the network provider 162.

[0087] If the authentication response indicates that the user account has not been authorized, then the network provider may deny access to the network for the user in 314. If the authentication response indicates that the user account has been authorized, then the network provider may authorize access to the network for the user in 316.

[0088] In step 318, the network provider may record information about the user and his or her PCD comprising, for example, the username and PCD ID. In one embodiment, information may be stored on the AP or on another computing device coupled to the network. In another embodiment, step 318 may transmit information about the user and his or her PCD comprising: username and PCD ID. This information may be transmitted to one or more APs or computing devices coupled to the network. This transmission may be directed to one or more destinations, or it may be broadcasted (e.g., to a broadcast address of an IP network, to a multicast group, via wireless radio broadcast, etc.). To provide identification and/or ensure security, the network provider may use any of various security mechanisms for a storage or a transmission.

[0089] FIGS. 6 and 7 are flowchart diagrams which illustrate storage of a PCD ID and its associated information and a disconnect of a first user session according to one embodiment. The information, received in step 400, may be received by a fraud server 200a of the network provider 162 and/or by a fraud server 200b of the roaming partner 170, where the fraud server may be coupled to a network suitable for receiving such information. In one embodiment, the fraud server may be coupled to the Internet 165. In other embodiments, the fraud server may be coupled to other types of communications networks (e.g., other than the Internet) including but not limited to a PSTN, another wide area network 130 such as a proprietary WAN, WAN 107, corporate network 101, a LAN, a wireless local area network (WLAN), a cellular phone network, a metropolitan area network, or other wired or wireless networks. In step 410, the fraud server may store this information relating to a user access of the network in a memory medium or in a database of the server. In one embodiment, the fraud server may transmit this information to a second server, where the second server may store this information in a memory medium or in a database of the second server. Additional information relating to the PCD such as IP address, subnet, or location may be stored as well. This additional information may come from a MIB 150 or a database.

[0090] In one embodiment, the fraud server may attempt to retrieve, in step 420, the information relating to a first user access which was stored in step 410. In step 430, it may be determined if the attempt to retrieve the information was successful. If the information could not be retrieved, then in step 410, the information may be stored as described above. If the first information was retrieved, however, then in step 440 the fraud server may transmit a message to revoke the first access of the PCD. This information may be transmitted to one or more APs and/or computing devices coupled to the network. This transmission may be directed to one or more destinations, or it may be broadcasted (e.g., to a broadcast address of an IP network, to a multicast group, via wireless radio broadcast, etc.). To provide identification and/or ensure security, the fraud server may use any of various security mechanisms for a transmission.

[0091] In one embodiment, a first AP or a computing device such as an NMD 126, the subscriber used for a first access by a PCD, may receive the information transmitted, in a step 440, by a second AP or computing device used for a second access by the PCD. After receiving this information, the first AP or computing device may modify an ACL to revoke access of it or through it by the PCD. In another embodiment, a first AP or computing device, the subscriber used for the first access by a PCD, may receive the information transmitted, in a step 440, by a fraud server 200. After receiving this information, the first AP or computing device may modify an ACL to revoke access of it or through it by the PCD.

[0092] In other embodiments, a fraud server 200, an AP 120, a computing device, and/or a NMD 126 may store information associated with each PCD ID used for access of a network. This information may comprise, for example: a geographic region of use, an NMD ID, an IP address, an AP ID, a subnet, a network ID, a PCD ID, a username, and/or a hash of a username (such as an MD5 or SHA-160 hash). To provide identification and/or ensure security, the fraud server, the AP, the computing device, and/or the NMD may use any of various security mechanisms for an information storage.

[0093] Geographic locations may be associated with information that may comprise subnets, areas of arbitrary size, networks, one or more portions of networks, NMDs, and/or APs. This information may be stored in a memory medium or database of a network provider or a roaming partner. With this information, it may be possible to establish more information associated with a PCD ID used for access.

[0094] FIG. 9

[0095] FIG. 9 illustrates a preferred embodiment of a process of using a plurality of PCD IDs for access at one or more geographic locations. In step 500, a first user authenticates, with a username, for network access by a PCD with a first PCD ID. A PCD may have a plurality of PCD IDs, such as different MAC IDs, associated with different types of network connectivity which may comprise wireless and wired access, for example. As shown above, a network element of the network provider or the roaming partner may store or transmit information associated with the first access with the first PCD ID. In step 510, the first user authenticates, with the username, for a second access with a PCD with a second PCD ID. The PCD used for the second access may be the same PCD used for the first access, or it may be a second PCD. Regardless of the PCD used for the second access, the first PCD ID used for the first access differs from the second PCD ID used for the second access. The username is the same for each authentication.

[0096] It may be unknown if the second access is by a second user, where the second user is using the username of the first access. This may pose a concern for the network provider and/or roaming partner if the username has an account with unlimited access. Thus, if the first user with the username shares his or her username (and password) with the second user, revenue for the network provider and/or the roaming partner may be lost, since the second user may be obtaining access essentially for free. Further, the first user may charge the second user for access through the use of the first user's username (and password) for access, and the first user may not be authorized to do so by the network provider and/or the roaming partner.

[0097] The second authentication with the second PCD ID may be instantiated by the first user. It may be unknown if this second authentication is by the same PCD used for the first authentication. The PCD ID may be based on a MAC ID. The first user may have used a first network interface card (NIC), with a first MAC ID, for the first authentication. For the second authentication, the first user may have used a second NIC, with a second MAC ID. Switching NICs may not be uncommon, especially when accessing wired and wireless networks or other different types of networks such as an IEEE 802.11b network and an IEEE 802.11a network. The use of the second PCD ID may indicate the simultaneous use of a second PCD. The network provider and/or the roaming partner may lose revenue for simultaneous use of a plurality of PCDs by the first user. The information associated with these two authentications may be used as one or more fraud indicators or may be used in a fraud risk level system, method, or process.

[0098] In step 520, access by a PCD with the first PCD ID is revoked. This may be accomplished by one or more methods, processes, or systems described above. If the same PCD is used for the second authentication and is identified as the second PCD ID, the access by this PCD will not be revoked. In one embodiment, following step 520, a PCD with the first PCD ID may not have access until it is re-authenticated. As described above, one or more network elements, such as an AP or NMD used to couple a PCD with the first PCD ID to a network, may modify one or more ACLs such that access by a PCD with the first PCD ID is revoked or modified. The information associated with these authentications or attempts may be used as one or more fraud indicators or may be used in a fraud risk level system, method, or process.

[0099] FIG. 10

[0100] FIG. 10 illustrates a preferred embodiment of a process of using a plurality of geographic locations for access with a single PCD ID. In step 550, a first user authenticates, with a username, for network access using a PCD with a PCD ID at a first geographic location. As shown above, a network element of the network provider or the roaming partner may store or transmit information associated with the first access with the PCD ID. In step 560, a user authenticates, with the username, for a second access using a PCD with the same PCD ID at a second geographic location. The PCD used for the second authentication may be the same PCD used for the first access, or it may be a second PCD. Regardless of PCD used for the second access, the first geographic location used for the first access differs from the second geographic location used for the second access. The geographic locations may comprise: a network, a portion of a network such as an access point, and/or an area of arbitrary size.

[0101] PCD IDs may be duplicated or “cloned.” “Cloning” of a cellular phone or an ESN (Electronic Serial Number, e.g., of a cellular phone) poses problems, for example, in cellular telephone networks by causing loss of revenue or errors in billing. With PCD IDs, it may be unknown if the second authentication is by a second PCD, where the second PCD used for access is accomplished by the username of the first authentication. As discussed with reference to FIG. 9, a concern may arise if the username has an account with unlimited access. If the first user with the username shares his or her username (and password) with a second user and both PCDs used for access use the same PCD ID, revenue for the network provider and/or the roaming partner may be lost, since the second user may be obtaining access essentially for free. Further, the first user may charge the second user for access through the use of the first user's username (and password) for access, and the first user may not be authorized to do so by the network provider and/or the roaming partner. The information associated with these two authentications may be used as one or more fraud indicators or may be used in a fraud risk level system, method, or process.

[0102] In 570, access by a PCD with the PCD ID at the first geographic location is revoked for access at the first geographic location. This may be accomplished by one or more methods, processes, or systems described above. In one embodiment, following step 570, a PCD with the PCD ID may not have access at the first geographic location until it is re-authenticated. As described above, one or more network elements, such as an AP or NMD used to couple a PCD with the PCD ID to a network, may modify one or more ACLs such that access by the PCD with the PCD ID is revoked or modified.
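The FIG. 9 and FIG. 10 checks described above can be sketched as a small in-memory fraud server. This is an added illustration, not code from the patent: the class and field names, the indicator labels, and the sample accesses are assumptions, and the revocation list stands in for the message that would make an AP or NMD modify its ACL.

```python
"""Added example: FIG. 9 / FIG. 10 indicators over stored access records."""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Access:
    username: str   # full NAI, e.g. "ROAMING_PARTNER/alice"
    pcd_id: str     # PCD ID, here a MAC ID
    location: str   # AP ID, subnet or region label (hypothetical values)
    time: float     # seconds since an arbitrary epoch


@dataclass
class FraudServer:
    # Accesses that have not been revoked, indexed by username and by PCD ID.
    by_user: Dict[str, Access] = field(default_factory=dict)
    by_pcd: Dict[str, Access] = field(default_factory=dict)
    revoked: List[Tuple[str, Access]] = field(default_factory=list)

    def _revoke(self, indicator: str, old: Access) -> None:
        # Stand-in for the revoke message sent to the first AP or NMD.
        self.revoked.append((indicator, old))
        if self.by_user.get(old.username) is old:
            del self.by_user[old.username]
        if self.by_pcd.get(old.pcd_id) is old:
            del self.by_pcd[old.pcd_id]

    def record(self, new: Access) -> List[str]:
        """Store a new access and return the indicators it triggered."""
        hits: List[str] = []
        prev = self.by_user.get(new.username)
        if prev is not None and prev.pcd_id != new.pcd_id:
            # FIG. 9: same username, different PCD ID. First access is revoked.
            hits.append("same-username-different-pcd-id")
            self._revoke(hits[-1], prev)
        prev = self.by_pcd.get(new.pcd_id)
        if prev is not None and prev.location != new.location:
            # FIG. 10: same PCD ID at a second location. Access at the first
            # location is revoked; the ID may be cloned or the user has moved.
            hits.append("same-pcd-id-different-location")
            self._revoke(hits[-1], prev)
        # A repeat login with the same ID at the same place replaces the record.
        self.by_user[new.username] = new
        self.by_pcd[new.pcd_id] = new
        return hits


def run_demo():
    """Replay four constructed accesses and return (indicators, server)."""
    server = FraudServer()
    events = [  # constructed sample data
        Access("ROAMING_PARTNER/alice", "00:11:22:33:44:55", "AP-airport-1", 0),
        Access("ROAMING_PARTNER/alice", "66:77:88:99:aa:bb", "AP-airport-1", 60),
        Access("ROAMING_PARTNER/alice", "66:77:88:99:aa:bb", "AP-hotel-7", 120),
        Access("ROAMING_PARTNER/bob", "02:00:00:00:00:01", "AP-hotel-7", 130),
    ]
    return [server.record(e) for e in events], server


if __name__ == "__main__":
    results, srv = run_demo()
    for hits in results:
        print(hits)
    for indicator, old in srv.revoked:
        print("revoke", old.pcd_id, "at", old.location, "because", indicator)
```

Neither indicator proves fraud on its own, since a user may legitimately switch NICs or travel, which is why the text treats them as inputs to a risk level rather than as verdicts.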

[0103] In one embodiment, a fraud server 200 may detect an abnormal rate-increase of subscriber-usage of a roaming partner. This may indicate a security breach of the roaming partner, e.g., accounts may have been stolen or “cracked.” The fraud server may utilize one or more processes to deny access to these accounts used during and/or after the rate increase, or it may deny access to all accounts associated with the roaming partner.

[0104] A subscriber may use a plurality of PCDs and/or PCD IDs. In one embodiment, a threshold (e.g., a quantity) of PCD IDs for a roaming partner or a subscriber may be set by a fraud server 200. When this threshold is reached, access may be denied to any additional PCD ID of the subscriber and/or roaming partner, or access may be denied regardless of PCD ID. A PCD ID threshold may be increased or decreased on a per subscriber basis and/or on a per roaming partner basis. Moreover, one or more PCD IDs may be cleared from time-to-time for any subscriber or roaming partner. If more than one PCD ID is allowed by the fraud server, the fraud server may be configured to not allow simultaneous use of a plurality of PCD IDs for access or authentication.

[0105] Information associated with each PCD ID stored, according to one embodiment, may comprise a time-period of non-use where the PCD ID may not be counted towards a threshold. For instance, a time after a last use of a PCD ID plus the time-period of non-use would not be counted as a PCD ID towards the threshold of PCD IDs for a subscriber and/or roaming partner. The storage of a PCD ID may comprise a “half-life” where the PCD ID's “counted weight” diminishes over time from its last known use.
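A PCD ID threshold with the non-use period and the “half-life” weighting can be sketched as follows. This is an added example, not code from the patent: the exponential form of the decay, the rule that a new ID counts with weight 1.0, and all names and numbers are assumptions.

```python
"""Added example: per-subscriber PCD ID threshold with ageing of old IDs."""
from typing import Dict, Optional


class PcdIdQuota:
    def __init__(self, threshold: float,
                 half_life_s: Optional[float] = None,
                 non_use_s: Optional[float] = None):
        self.threshold = threshold      # allowed "counted weight" of PCD IDs
        self.half_life_s = half_life_s  # None disables half-life decay
        self.non_use_s = non_use_s      # None disables the non-use cut-off
        # subscriber -> {pcd_id: time of last use, in seconds}
        self.last_use: Dict[str, Dict[str, float]] = {}

    def weight(self, last_use: float, now: float) -> float:
        """How much one stored PCD ID counts towards the threshold at `now`."""
        age = max(0.0, now - last_use)
        if self.non_use_s is not None and age > self.non_use_s:
            return 0.0                  # unused for too long: not counted
        if self.half_life_s is not None:
            return 0.5 ** (age / self.half_life_s)
        return 1.0

    def counted(self, subscriber: str, now: float) -> float:
        ids = self.last_use.get(subscriber, {})
        return sum(self.weight(t, now) for t in ids.values())

    def authorize(self, subscriber: str, pcd_id: str, now: float) -> bool:
        """Allow a known PCD ID; allow a new one only if it fits the quota."""
        ids = self.last_use.setdefault(subscriber, {})
        is_new = pcd_id not in ids
        if is_new and self.counted(subscriber, now) + 1.0 > self.threshold:
            return False                # denied IDs are not stored
        ids[pcd_id] = now               # a use resets the ID to full weight
        return True


def run_demo():
    """Constructed scenario: threshold of 2 IDs with a one-day half-life."""
    day = 86400.0
    quota = PcdIdQuota(threshold=2, half_life_s=day)
    return [
        quota.authorize("alice", "mac-A", 0.0),         # first ID
        quota.authorize("alice", "mac-B", 3600.0),      # second ID
        quota.authorize("alice", "mac-C", 7200.0),      # third ID, same day
        quota.authorize("alice", "mac-C", 3 * day),     # third ID, 3 days on
    ]


if __name__ == "__main__":
    print(run_demo())
```

Without decay the third ID stays blocked until an operator clears an old one; with decay the quota recovers on its own, at the cost of letting a patient user rotate devices slowly.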

[0106] Further, it may be beneficial or necessary to a network provider and/or a roaming partner if only one account or username of the roaming partner be used on only one PCD ID. In other words, a plurality of accounts or usernames may not use the same PCD ID, according to one embodiment. Thus, a fraud server 200 may deny access of a PCD used by a second username when the PCD's PCD ID is associated with a first username. This denial-of-use of the PCD by the second username may be time-based. For example, the PCD, with the PCD ID, may not be used by the second username until some time after the first username has logged in or logged off.

[0107] In one embodiment, a fraud server 200, an AAA server 168, and/or an AAA interface server 169 may have a threshold for authentication failure, where the threshold may be set on a per subscriber and/or a per roaming partner basis.

[0108] For example, a valid username may be attempted for authentication at one or more geographic locations; yet, a number of attempts for authentication may fail. This number may be cumulative, or it may be based upon a function of time such as a rate of attempts with non-authentication. This may indicate fraud, or it may indicate someone is trying to crack, hack, or hi-jack the subscriber's account. The information associated with these authentications and/or failures may be used as one or more fraud indicators or may be used in a fraud risk level system, method, or process.

[0109] In another example, a plurality of usernames, associated with a roaming partner, may be attempted for authentication at one or more geographic locations; yet, a number of attempts for authentication may fail. This number may be cumulative, or it may be based upon a function of time such as a rate of attempts with non-authentication. This may indicate fraud, or it may indicate someone is trying to crack, hack, or hi-jack a plurality of subscribers' accounts. This may apply to non-valid usernames and/or non-valid passwords for accounts associated with the roaming partner. The information associated with these authentications and/or failures may be used as one or more fraud indicators or may be used in a fraud risk level system, method, or process.
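The two failure thresholds, per subscriber and per roaming partner, can be tracked as rates over a sliding window. The sketch below is an added example and not the patent's own code: the window length, the limits, the alert labels, and the sample usernames are assumptions; only the “ROAMING_PARTNER/” prefix form comes from the text.

```python
"""Added example: authentication-failure thresholds as sliding-window rates."""
from collections import defaultdict, deque
from typing import Deque, Dict, List, Tuple


class FailureMonitor:
    def __init__(self, per_user_limit: int, per_partner_limit: int,
                 window_s: float):
        self.per_user_limit = per_user_limit
        self.per_partner_limit = per_partner_limit
        self.window_s = window_s
        # Failure times per full username, and (time, username) per partner.
        self.user_fail: Dict[str, Deque[float]] = defaultdict(deque)
        self.partner_fail: Dict[str, Deque[Tuple[float, str]]] = defaultdict(deque)

    def observe(self, nai: str, accepted: bool, now: float) -> List[str]:
        """Feed one authentication result; return the thresholds violated."""
        if accepted:
            return []  # only rejected attempts count towards either threshold
        # Username of the form "ROAMING_PARTNER/user"; no prefix means local.
        partner, sep, _user = nai.partition("/")
        if not sep:
            partner = ""
        uq = self.user_fail[nai]
        pq = self.partner_fail[partner]
        uq.append(now)
        pq.append((now, nai))
        cutoff = now - self.window_s
        while uq and uq[0] <= cutoff:       # drop failures outside the window
            uq.popleft()
        while pq and pq[0][0] <= cutoff:
            pq.popleft()
        alerts: List[str] = []
        if len(uq) >= self.per_user_limit:
            # [0108]: repeated failures against one username.
            alerts.append("subscriber-threshold")
        distinct = {name for _, name in pq}
        if len(pq) >= self.per_partner_limit and len(distinct) > 1:
            # [0109]: failures spread over several usernames of one partner.
            alerts.append("partner-threshold")
        return alerts


def run_demo() -> List[List[str]]:
    """Replay constructed Access-Reject results through the monitor."""
    mon = FailureMonitor(per_user_limit=3, per_partner_limit=4, window_s=300)
    events = [  # (username, accepted, time in seconds), constructed data
        ("P1/alice", False, 0),
        ("P1/alice", False, 10),
        ("P1/alice", False, 20),
        ("P1/bob", False, 30),
        ("P1/carol", False, 400),
    ]
    return [mon.observe(n, ok, t) for n, ok, t in events]


if __name__ == "__main__":
    for alerts in run_demo():
        print(alerts)
```

Counting per partner as well as per subscriber catches attempts that stay under each individual account's limit while cycling through many usernames.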

[0110] Information regarding a location and a time of a first use of a PCD of a subscriber may be used in a comparison with a location and a time of a second use of a PCD of the subscriber, according to one embodiment. The comparison may be used to determine how quickly the subscriber apparently propagated within a network or from one network to another. Further, a threshold may be set, such that if the rate of propagation exceeds the threshold, fraudulent use may be assumed. The information associated with these authentications and/or failures may be used as one or more fraud indicators or may be used in a fraud risk level system, method, or process.
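The rate-of-propagation comparison can be computed from the access-point coordinates that the MIB is described as storing. This is an added example, not the patent's code: the great-circle (haversine) distance, the 900 km/h threshold, the 0.5 km tolerance for neighbouring APs, and the sample coordinates are all assumptions.

```python
"""Added example: rate of propagation between two uses of an account."""
import math
from dataclasses import dataclass

EARTH_RADIUS_KM = 6371.0  # mean Earth radius


@dataclass(frozen=True)
class Use:
    ap_id: str      # access point that served the login (hypothetical IDs)
    lat: float      # AP latitude in degrees, as stored in the MIB
    lon: float      # AP longitude in degrees
    time_s: float   # login time in seconds


def haversine_km(a: Use, b: Use) -> float:
    """Great-circle distance between the two access points."""
    p1, p2 = math.radians(a.lat), math.radians(b.lat)
    dphi = p2 - p1
    dlmb = math.radians(b.lon - a.lon)
    h = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(h))


def propagation_kmh(first: Use, second: Use,
                    min_distance_km: float = 0.5) -> float:
    """Apparent speed of the subscriber between two uses.

    Moves shorter than min_distance_km are treated as no movement, so that
    hand-over between neighbouring APs at one site is not scored. Two uses
    at the same instant in different places yield infinity.
    """
    dist = haversine_km(first, second)
    if dist <= min_distance_km:
        return 0.0
    hours = abs(second.time_s - first.time_s) / 3600.0
    if hours == 0:
        return math.inf
    return dist / hours


def exceeds_threshold(first: Use, second: Use, max_kmh: float = 900.0) -> bool:
    """True when the rate of propagation is above the configured threshold."""
    return propagation_kmh(first, second) > max_kmh


if __name__ == "__main__":
    # Constructed sample: two APs one degree of longitude apart on the equator.
    a = Use("AP-1", 0.0, 0.0, 0.0)
    for dt in (600.0, 300.0, 0.0):
        b = Use("AP-2", 0.0, 1.0, dt)
        print(dt, round(propagation_kmh(a, b), 1), exceeds_threshold(a, b))
```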

[0111] In one embodiment, the data stored on subscribers and their uses of their PCDs, with PCD IDs, may be used with an adaptive algorithm such as a neural network Bayesian estimator or similar probability estimator to detect abnormal, possible fraudulent use, or fraudulent use of a subscriber's account. The algorithm may be used in a fraud detection and/or a fraud prevention system, method, or process. FIG. 11 illustrates the use of such an algorithm in step 515. FIG. 12 illustrates the use of such an algorithm in step 565.

[0112] In one embodiment, a subscriber's account may be suspended or de-activated for fraud and/or fraudulent use. The subscriber's account may be suspended or de-activated for a suspicion of fraud and/or fraudulent use. The subscriber may contact the roaming partner with which he or she has an associated roaming user account for a re-activation of the user's account. The subscriber may contact the network provider of which he or she has an associated roaming user account for a re-activation of the user's account and/or username. The roaming partner and/or the network provider may verify the user's (i.e., account owner's) credentials or identification. The owner's credentials or identification may comprise, for example, a physical address, a former physical address, a phone number, a former phone number, a PCD ID, a social security number, a portion of a social security number, a bank account ID, a driver's license ID, a phone number called (on the user's phone bill), a maiden name, a mother's maiden name, a date of birth, a personal ID, a passport ID, a customer ID, a credit card number, an email address, an ESN, or a certificate ID. Once the user has been verified as the valid-user of the account, the roaming partner or the network provider may re-activate the user's account. The roaming partner and/or the network provider may assign a new identification, such as a new username and/or password, to the subscriber's account. This re-activation may include contacting one or more network providers or roaming partners to convey the re-activation of the subscriber.

[0113] Wireless Access Point Usage of Multiple Channels

[0114] A wireless AP 120 can use one of a plurality of different RF(radio frequency) channels for communication with portable computingdevices of users. For example, a wireless AP 120 can use one of RFchannels 1 through 11. As is well known, RF channels 1, 6 and 11 arenon-overlapping, with the remainder of these channels being partiallyoverlapping with other channels.

[0115] According to one embodiment of the present invention, each wireless access point can communicate on one or more, e.g. a plurality of or all of, the available wireless channels, e.g., the available RF channels. Furthermore, each AP 120 can control which channel a PCD 110 of a client is able to use. In one embodiment, each portable computing device may scan each of the RF channels until it detects an AP 120 at one of the channels.

[0116] In one embodiment, one or more of the wireless APs may each utilize a plurality of the RF channels, e.g., may use each of the non-overlapping channels 1, 6 and 11 to effectively provide up to three times the channel capacity. Thus, the AP 120 may be able to control allocations of a plurality or all of the respective RF channels to selectively obtain higher bandwidth when appropriate, or to simply accommodate a greater number of portable computing devices (PCDs) 110. Thus, if a wireless AP using only one RF channel could only handle fifty portable computing devices 110 on that respective channel, the wireless AP may operate to use all three non-overlapping RF channels to effectively triple this capacity to a total of 150 simultaneous PCDs 110.

[0117] As another example, if the AP 120 is only communicating with one PCD 110, then the AP 120 may optionally or selectively use each of the three non-overlapping RF channels to produce effectively three times the bandwidth for this communication. As additional portable computer devices come into communication with the respective AP 120, the AP 120 may selectively allocate different channels to different ones of these portable computing devices as needed. Further, if more than three portable computing devices are communicating with the respective wireless AP, the AP 120 may partition one or more of the respective channels for the respective users, such as using wireless Ethernet Carrier Sense Multiple Access/Collision Detection (CSMA/CD) or other multiple access schemes such as TDMA, FDMA, or CDMA, among others.

[0118] In one embodiment, a subscriber may be allowed to use one or more wireless channels. For example, the subscriber may only be allowed to use a channel 6 for roaming access with a network provider which may be according to the terms of his or her account or terms of an agreement between a roaming partner of the subscriber and/or between an agreement between the roaming partner and a network provider. A PCD may attempt to authenticate on a channel different from channel 6. This may indicate a fraudulent use. This may also indicate that a username has been compromised. The information associated with this authentication or attempted authentication may be used as one or more fraud indicators or may be used in a fraud risk level system, method, or process.

[0119] In another embodiment, a subscriber may be able to use a plurality of channels simultaneously when accessing a network of a network provider. For example, a subscriber may be able to use the non-overlapping channels of 1 and 6 for simultaneous use to effectively double his or her effective bandwidth. A PCD may attempt to authenticate or authenticate with the subscriber's username and may attempt to simultaneously use channels 1, 6, and 11, thus tripling his or her effective bandwidth. This may indicate a fraudulent use. A PCD may attempt to authenticate or authenticate with the subscriber's username and may attempt to simultaneously use channels 6 and 11, which may also indicate a fraudulent use. These may also indicate that a username has been compromised. The information associated with each of these authentications or attempted authentications may be used as one or more fraud indicators or may be used in a fraud risk level system, method, or process.

[0120] A network provider may assign one or more channels to a roaming partner, according to one embodiment. For example, subscribers of the roaming partner may only be allowed to use a channel 6 for roaming access with a network provider according to the terms of an agreement between the roaming partner of the subscriber and the network provider. A PCD may attempt to authenticate or authenticate with the subscriber's username, associated with the roaming partner, on a channel different from channel 6. This may indicate a fraudulent use. This may also indicate that the username has been compromised. The information associated with this authentication or attempted authentication may be used as one or more fraud indicators or may be used in a fraud risk level system, method, or process.

[0121] In one embodiment, subscribers of a roaming partner may be able to use a plurality of channels simultaneously when accessing a network of a network provider. For example, subscribers of the roaming partner may be able to use the non-overlapping channels of 1 and 6 for simultaneous use to effectively double the effective bandwidth of the subscribers of the roaming partner. A PCD may authenticate or attempt to authenticate with the subscriber's username, associated with the roaming partner, and may attempt to simultaneously use channels 1, 6, and 11, thus tripling the subscriber's bandwidth. This may indicate a fraudulent use. This may also indicate that one or more accounts of the roaming partner may be compromised. The information associated with this authentication or attempted authentication may be used as one or more fraud indicators or may be used in a fraud risk level system, method, or process.
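The channel checks of paragraphs [0118] through [0121] can be sketched as follows. This is an added example, not code from the patent: the record layout, the indicator names, the rule that a subscriber-level policy takes precedence over the roaming partner's policy, and all sample accounts and events are assumptions constructed for illustration.

```python
"""Channel-policy fraud indicators for roaming authentications (illustrative)."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ChannelPolicy:
    allowed: frozenset       # RF channels the account or agreement permits
    max_simultaneous: int    # how many of those channels may be used at once


@dataclass(frozen=True)
class AuthEvent:
    username: str
    roaming_partner: str
    pcd_id: str              # computing device identification
    channels: frozenset      # channels requested in this authentication attempt
    succeeded: bool          # attempts count as evidence even when they fail


# Constructed policies. Assumption: a subscriber-level policy, when one exists,
# takes precedence over the policy agreed for the roaming partner.
PARTNER_POLICY = {
    "partner-a": ChannelPolicy(frozenset({6}), 1),
    "partner-b": ChannelPolicy(frozenset({1, 6}), 2),
}
SUBSCRIBER_POLICY = {
    "alice@partner-a": ChannelPolicy(frozenset({1, 6}), 2),
}


def effective_policy(event):
    """Return the policy that governs this event, or None if none is known."""
    policy = SUBSCRIBER_POLICY.get(event.username)
    if policy is None:
        policy = PARTNER_POLICY.get(event.roaming_partner)
    return policy


def channel_indicators(event):
    """Return the channel-related fraud indicators raised by one event."""
    policy = effective_policy(event)
    if policy is None:
        # Assumption: an account with no known policy is flagged, not waved through.
        return ["NO_CHANNEL_POLICY"]
    found = []
    outside = sorted(event.channels - policy.allowed)
    if outside:
        found.append("CHANNEL_NOT_PERMITTED:" + ",".join(map(str, outside)))
    if len(event.channels) > policy.max_simultaneous:
        found.append(
            f"TOO_MANY_SIMULTANEOUS_CHANNELS:{len(event.channels)}>{policy.max_simultaneous}"
        )
    return found


def flagged_accounts_by_partner(events):
    """Group flagged usernames by roaming partner, since several flagged
    accounts under one partner may point at a partner-wide compromise."""
    flagged = defaultdict(set)
    for event in events:
        if channel_indicators(event):
            flagged[event.roaming_partner].add(event.username)
    return {partner: sorted(users) for partner, users in flagged.items()}


# Constructed sample events (not real data).
EVENTS = [
    AuthEvent("alice@partner-a", "partner-a", "pcd-01", frozenset({1, 6}), True),
    AuthEvent("alice@partner-a", "partner-a", "pcd-02", frozenset({1, 6, 11}), False),
    AuthEvent("alice@partner-a", "partner-a", "pcd-02", frozenset({6, 11}), True),
    AuthEvent("bob@partner-a", "partner-a", "pcd-03", frozenset({11}), False),
    AuthEvent("carol@partner-b", "partner-b", "pcd-04", frozenset({1, 6}), True),
]

if __name__ == "__main__":
    for ev in EVENTS:
        print(ev.username, ev.pcd_id, sorted(ev.channels), channel_indicators(ev))
    print(flagged_accounts_by_partner(EVENTS))
```

The indicators returned here are inputs to a fraud risk level process, not a verdict on their own; how they are weighted against other indicators is left open by the text.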

[0122] Method of Aggregation

[0123] A first roaming partner may have an agreement with a first network provider such that when the first network provider becomes a roaming partner of a second network provider, the first roaming partner's users may roam on the second network provider's network. The first network provider may provide authentication services for the first roaming partner's users roaming on the second network provider's network. The second network provider may have a list of such first roaming partners of the first network provider. This list may cause an authentication mechanism to “route” an authentication of a user of a first roaming partner to an authentication server or authentication authority of or associated with the first network provider. Thus, the users of the first roaming partner become virtual users or subscribers of the first network provider. The usage of these virtual subscribers may be invoiced directly by the second network provider to the first network provider. The first network provider may, in turn, invoice the first roaming partner for the usage of these virtual subscribers.

What is claimed is:
 1. A method for determining fraud in accessing a network, the method comprising: initiating a first network access with a network provider; storing a first set of identification data associated with the first network access in response to the first network access, wherein the first set of identification data comprises a first computing device identification; initiating a second network access with the network provider; storing a second set of identification data associated with the second network access in response to the second network access, wherein the second set of identification data comprises a second computing device identification; determining one or more fraud indicators in the first set of identification data and the second set of identification data; and revoking the first network access and/or the second network access in response to the determining the one or more fraud indicators.
 2. The method of claim 1, wherein the first set of identification data comprises a first username; wherein the second set of identification data comprises a second username; wherein the first username and the second username are associated with a same user account; wherein the first computing device identification and the second computing device identification comprise different computing device identifications; and wherein the one or more fraud indicators comprise a use of the same user account with both the first computing device identification and the second computing device identification.
 3. The method of claim 2, wherein the first username equals the second username.
 4. The method of claim 1, wherein the first set of identification data comprises a first geographic location; wherein the second set of identification data comprises a second geographic location which is different from the first geographic location; wherein the first computing device identification and the second computing device identification comprise a same computing device identification; and wherein the one or more fraud indicators comprise a use of the same computing device identification at both the first geographical location and the second geographical location.
 5. The method of claim 1, wherein the second network access is initiated during the first network access.
 6. The method of claim 1, wherein the second network access is initiated after the first network access has ended.
 7. The method of claim 1, wherein the determining one or more fraud indicators comprises using a fraud detection algorithm.
 8. The method of claim 1, wherein the network provider determines a threshold quantity of computing device identifications; wherein the one or more fraud indicators comprise a use of the first computing device identification and/or the second computing device identification in violation of the threshold quantity of computing device identifications.
 9. The method of claim 1, wherein the network provider determines a threshold quantity of authentication failures; wherein the one or more fraud indicators comprise one or more authentication failures during the initiating the first network access and/or the second network access in violation of the threshold quantity of authentication failures.
 10. The method of claim 1, wherein the one or more fraud indicators comprise an abnormal rate increase of subscriber usage by a roaming partner.
 11. The method of claim 1, further comprising: determining a rate of network propagation by comparing the first set of identification data and the second set of identification data; wherein the one or more fraud indicators comprise a violation of a threshold rate of network propagation by the determined rate of network propagation.
 12. The method of claim 1, wherein the one or more fraud indicators comprise a use of one or more RF channels for wireless access during the first network access or the second network access.
 13. The method of claim 1, further comprising: suspending a user account in response to the determining the one or more fraud indicators.
 14. The method of claim 1, further comprising: de-activating a user account in response to the determining the one or more fraud indicators.
 15. The method of claim 14, further comprising: verifying an owner identification associated with the de-activated user account; and re-activating the de-activated user account in response to the verifying the owner identification.
 16. The method of claim 15, wherein the re-activating the de-activated user account is performed by the network provider.
 17. The method of claim 15, wherein the re-activating the de-activated user account is performed by a roaming partner.
 18. The method of claim 15, further comprising assigning a new identification to the re-activated user account.
 19. The method of claim 1, wherein the second set of identification data is received from a broadcast.
 20. The method of claim 1, wherein the second set of identification data is received from a multicast.
 21. A method for determining fraud in accessing a network, the method comprising: initiating a first network access with a network provider; storing a first set of identification data associated with the first network access in response to the first network access, wherein the first set of identification data comprises a first username and a first computing device identification; initiating a second network access with the network provider; storing a second set of identification data associated with the second network access in response to the second network access, wherein the second set of identification data comprises a second username and a second computing device identification, wherein the first username and the second username are associated with a same user account, and wherein the first computing device identification and the second computing device identification comprise different computing device identifications; determining one or more fraud indicators in the first set of identification data and the second set of identification data, wherein the one or more fraud indicators comprise a use of the same user account with both the first computing device identification and the second computing device identification; and revoking the first network access and/or the second network access in response to the determining the one or more fraud indicators.
 22. The method of claim 21, wherein the first username equals the second username.
 23. The method of claim 21, wherein the second network access is initiated during the first network access.
 24. The method of claim 21, wherein the second network access is initiated after the first network access has ended.
 25. The method of claim 21, further comprising: suspending the user account in response to the determining the one or more fraud indicators.
 26. The method of claim 21, further comprising: de-activating the user account in response to the determining the one or more fraud indicators.
 27. The method of claim 26, further comprising: verifying an owner identification associated with the de-activated user account; and re-activating the de-activated user account in response to the verifying the owner identification.
 28. The method of claim 27, wherein the re-activating the de-activated user account is performed by the network provider.
 29. The method of claim 27, wherein the re-activating the de-activated user account is performed by a roaming partner.
 30. The method of claim 27, further comprising assigning a new identification to the re-activated user account.
 31. The method of claim 21, wherein the second set of identification data is received from a broadcast.
 32. The method of claim 21, wherein the second set of identification data is received from a multicast.
 33. A method for determining fraud in accessing a network, the method comprising: initiating a first network access with a network provider; storing a first set of identification data associated with the first network access in response to the first network access, wherein the first set of identification data comprises a first geographical location and a computing device identification; initiating a second network access with the network provider; storing a second set of identification data associated with the second network access in response to the second network access, wherein the second set of identification data comprises a second geographical location and the computing device identification; determining one or more fraud indicators in the first set of identification data and the second set of identification data, wherein the one or more fraud indicators comprise a use of the computing device identification at both the first geographical location and the second geographical location; and revoking the first network access and/or the second network access in response to the determining the one or more fraud indicators.
 34. The method of claim 33, wherein the second network access is initiated during the first network access.
 35. The method of claim 33, wherein the second network access is initiated after the first network access has ended.
 36. The method of claim 33, further comprising: suspending a user account in response to the determining the one or more fraud indicators.
 37. The method of claim 33, further comprising: de-activating a user account in response to the determining the one or more fraud indicators.
 38. The method of claim 37, further comprising: verifying an owner identification associated with the de-activated user account; and re-activating the de-activated user account in response to the verifying the owner identification.
 39. The method of claim 38, wherein the re-activating the de-activated user account is performed by the network provider.
 40. The method of claim 38, wherein the re-activating the de-activated user account is performed by a roaming partner.
 41. The method of claim 38, further comprising assigning a new identification to the re-activated user account.
 42. The method of claim 33, wherein the second set of identification data is received from a broadcast.
 43. The method of claim 33, wherein the second set of identification data is received from a multicast.
 44. A carrier medium comprising program instructions for determining fraud in accessing a network, wherein the program instructions are computer-executable to implement: storing a first set of identification data associated with a first network access with a network provider, wherein the first set of identification data comprises a first computing device identification; storing a second set of identification data associated with a second network access with the network provider, wherein the second set of identification data comprises a second computing device identification; determining one or more fraud indicators in the first set of identification data and the second set of identification data; and revoking the first network access and/or the second network access in response to the determining the one or more fraud indicators.
 45. The carrier medium of claim 44, wherein the first set of identification data comprises a first username; wherein the second set of identification data comprises a second username; wherein the first username and the second username are associated with a same user account; wherein the first computing device identification and the second computing device identification comprise different computing device identifications; and wherein the one or more fraud indicators comprise a use of the same user account with both the first computing device identification and the second computing device identification.
 46. The carrier medium of claim 45, wherein the first username equals the second username.
 47. The carrier medium of claim 44, wherein the first set of identification data comprises a first geographic location; wherein the second set of identification data comprises a second geographic location which is different from the first geographic location; wherein the first computing device identification and the second computing device identification comprise a same computing device identification; and wherein the one or more fraud indicators comprise a use of the same computing device identification at both the first geographical location and the second geographical location.
 48. The carrier medium of claim 44, wherein the second network access is initiated during the first network access.
 49. The carrier medium of claim 44, wherein the second network access is initiated after the first network access has ended.
 50. The carrier medium of claim 44, wherein the determining one or more fraud indicators comprises using a fraud detection algorithm.
 51. The carrier medium of claim 44, wherein the network provider determines a threshold quantity of computing device identifications; wherein the one or more fraud indicators comprise a use of the first computing device identification and/or the second computing device identification in violation of the threshold quantity of computing device identifications.
 52. The carrier medium of claim 44, wherein the network provider determines a threshold quantity of authentication failures; wherein the one or more fraud indicators comprise one or more authentication failures during the first network access and/or the second network access in violation of the threshold quantity of authentication failures.
 53. The carrier medium of claim 44, wherein the one or more fraud indicators comprise an abnormal rate increase of subscriber usage by a roaming partner.
 54. The carrier medium of claim 44, wherein the program instructions are further computer-executable to implement: determining a rate of network propagation by comparing the first set of identification data and the second set of identification data; wherein the one or more fraud indicators comprise a violation of a threshold rate of network propagation by the determined rate of network propagation.
 55. The carrier medium of claim 44, wherein the one or more fraud indicators comprise a use of one or more RF channels for wireless access during the first network access or the second network access.
 56. The carrier medium of claim 44, wherein the program instructions are further computer-executable to implement: suspending a user account in response to the determining the one or more fraud indicators.
 57. The carrier medium of claim 44, wherein the program instructions are further computer-executable to implement: de-activating a user account in response to the determining the one or more fraud indicators.
 58. The carrier medium of claim 57, wherein the program instructions are further computer-executable to implement: verifying an owner identification associated with the de-activated user account; and re-activating the de-activated user account in response to the verifying the owner identification.
 59. The carrier medium of claim 58, wherein the re-activating the de-activated user account is performed by the network provider.
 60. The carrier medium of claim 58, wherein the re-activating the de-activated user account is performed by a roaming partner.
 61. The carrier medium of claim 58, wherein the program instructions are further computer-executable to implement: assigning a new identification to the re-activated user account.
 62. The carrier medium of claim 44, wherein the second set of identification data is received from a broadcast.
 63. The carrier medium of claim 44, wherein the second set of identification data is received from a multicast.
 64. A carrier medium comprising program instructions for determining fraud in accessing a network, wherein the program instructions are computer-executable to implement: storing a first set of identification data associated with a first network access with a network provider, wherein the first set of identification data comprises a first username and a first computing device identification; storing a second set of identification data associated with a second network access with the network provider, wherein the second set of identification data comprises a second username and a second computing device identification, wherein the first username and the second username are associated with a same user account, and wherein the first computing device identification and the second computing device identification comprise different computing device identifications; determining one or more fraud indicators in the first set of identification data and the second set of identification data, wherein the one or more fraud indicators comprise a use of the same user account with both the first computing device identification and the second computing device identification; and revoking the first network access and/or the second network access in response to the determining the one or more fraud indicators.
 65. The carrier medium of claim 64, wherein the first username equals the second username.
 66. The carrier medium of claim 64, wherein the second network access is initiated during the first network access.
 67. The carrier medium of claim 64, wherein the second network access is initiated after the first network access has ended.
 68. The carrier medium of claim 64, wherein the program instructions are further computer-executable to implement: suspending the user account in response to the determining the one or more fraud indicators.
 69. The carrier medium of claim 64, wherein the program instructions are further computer-executable to implement: de-activating the user account in response to the determining the one or more fraud indicators.
 70. The carrier medium of claim 69, wherein the program instructions are further computer-executable to implement: verifying an owner identification associated with the de-activated user account; and re-activating the de-activated user account in response to the verifying the owner identification.
 71. The carrier medium of claim 70, wherein the re-activating the de-activated user account is performed by the network provider.
 72. The carrier medium of claim 70, wherein the re-activating the de-activated user account is performed by a roaming partner.
 73. The carrier medium of claim 70, wherein the program instructions are further computer-executable to implement: assigning a new identification to the re-activated user account.
 74. The carrier medium of claim 64, wherein the second set of identification data is received from a broadcast.
 75. The carrier medium of claim 64, wherein the second set of identification data is received from a multicast.
 76. A carrier medium comprising program instructions for determining fraud in accessing a network, wherein the program instructions are computer-executable to implement: storing a first set of identification data associated with a first network access with a network provider, wherein the first set of identification data comprises a first geographical location and a computing device identification; storing a second set of identification data associated with a second network access with the network provider, wherein the second set of identification data comprises a second geographical location and the computing device identification; determining one or more fraud indicators in the first set of identification data and the second set of identification data, wherein the one or more fraud indicators comprise a use of the computing device identification at both the first geographical location and the second geographical location; and revoking the first network access and/or the second network access in response to the determining the one or more fraud indicators.
 77. The carrier medium of claim 76, wherein the second network access is initiated during the first network access.
 78. The carrier medium of claim 76, wherein the second network access is initiated after the first network access has ended.
 79. The carrier medium of claim 76, wherein the program instructions are further computer-executable to implement: suspending a user account in response to the determining the one or more fraud indicators.
 80. The carrier medium of claim 76, wherein the program instructions are further computer-executable to implement: de-activating a user account in response to the determining the one or more fraud indicators.
 81. The carrier medium of claim 80, wherein the program instructions are further computer-executable to implement: verifying an owner identification associated with the de-activated user account; and re-activating the de-activated user account in response to the verifying the owner identification.
 82. The carrier medium of claim 81, wherein the re-activating the de-activated user account is performed by the network provider.
 83. The carrier medium of claim 81, wherein the re-activating the de-activated user account is performed by a roaming partner.
 84. The carrier medium of claim 81, wherein the program instructions are further computer-executable to implement: assigning a new identification to the re-activated user account.
 85. The carrier medium of claim 76, wherein the second set of identification data is received from a broadcast.
 86. The carrier medium of claim 76, wherein the second set of identification data is received from a multicast.
 87. A system for determining fraud in accessing a network, the system comprising: a CPU coupled to a network; a memory coupled to the CPU, wherein the memory stores program instructions which are executable by the CPU to: store a first set of identification data associated with a first network access with a network provider, wherein the first set of identification data comprises a first computing device identification; store a second set of identification data associated with a second network access with the network provider, wherein the second set of identification data comprises a second computing device identification; determine one or more fraud indicators in the first set of identification data and the second set of identification data; and revoke the first network access and/or the second network access in response to the determination of the one or more fraud indicators.
 88. The system of claim 87, wherein the first set of identification data comprises a first username; wherein the second set of identification data comprises a second username; wherein the first username and the second username are associated with a same user account; wherein the first computing device identification and the second computing device identification comprise different computing device identifications; and wherein the one or more fraud indicators comprise a use of the same user account with both the first computing device identification and the second computing device identification.
 89. The system of claim 88,wherein the first username equals the second username.
 90. The system ofclaim 87, wherein the first set of identification data comprises a firstgeographic location; wherein the second set of identification datacomprises a second geographic location which is different from the firstgeographic location; wherein the first computing device identificationand the second computing device identification comprise a same computingdevice identification; and wherein the one or more fraud indicatorscomprise a use of the same computing device identification at both thefirst geographical location and the second geographical location. 91.The system of claim 87, wherein the second network access is initiatedduring the first network access.
 92. The system of claim 87, wherein thesecond network access is initiated after the first network access hasended.
 93. The system of claim 87, wherein the determination of one or more fraud indicators comprises use of a fraud detection algorithm.
 94. The system of claim 87, wherein the network provider determines a threshold quantity of computing device identifications; wherein the one or more fraud indicators comprise a use of the first computing device identification and/or the second computing device identification in violation of the threshold quantity of computing device identifications.
 95. The system of claim 87, wherein the network provider determines a threshold quantity of authentication failures; wherein the one or more fraud indicators comprise one or more authentication failures during the first network access and/or the second network access in violation of the threshold quantity of authentication failures.
 96. The system of claim 87, wherein the one or more fraud indicators comprise an abnormal rate increase of subscriber usage by a roaming partner.
 97. The system of claim 87, wherein the program instructions are further executable by the CPU to: determine a rate of network propagation by comparing the first set of identification data and the second set of identification data; wherein the one or more fraud indicators comprise a violation of a threshold rate of network propagation by the determined rate of network propagation.
 98. The system of claim 87, wherein the one or more fraud indicators comprise a use of one or more RF channels for wireless access during the first network access or the second network access.
 99. The system of claim 87, wherein the program instructions are further executable by the CPU to: suspend a user account in response to the determining the one or more fraud indicators.
 100. The system of claim 87, wherein the program instructions are further executable by the CPU to: de-activate a user account in response to the determining the one or more fraud indicators.
 101. The system of claim 100, wherein the program instructions are further executable by the CPU to: verify an owner identification associated with the de-activated user account; and re-activate the de-activated user account in response to verification of the owner identification.
 102. The system of claim 101, wherein re-activation of the de-activated user account is performed by the network provider.
 103. The system of claim 101, wherein re-activation of the de-activated user account is performed by a roaming partner.
 104. The system of claim 101, wherein the program instructions are further executable by the CPU to: assign a new identification to the re-activated user account.
 105. The system of claim 87, wherein the second set of identification data is received from a broadcast.
 106. The system of claim 87, wherein the second set of identification data is received from a multicast.
 107. A system for determining fraud in accessing a network, the system comprising: a CPU coupled to a network; a memory coupled to the CPU, wherein the memory stores program instructions which are executable by the CPU to: store a first set of identification data associated with a first network access with a network provider, wherein the first set of identification data comprises a first username and a first computing device identification; store a second set of identification data associated with a second network access with the network provider, wherein the second set of identification data comprises a second username and a second computing device identification, wherein the first username and the second username are associated with a same user account, and wherein the first computing device identification and the second computing device identification comprise different computing device identifications; determine one or more fraud indicators in the first set of identification data and the second set of identification data, wherein the one or more fraud indicators comprise a use of the same user account with both the first computing device identification and the second computing device identification; and revoke the first network access and/or the second network access in response to the determining the one or more fraud indicators.
 108. The system of claim 107, wherein the first username equals the second username.
 109. The system of claim 107, wherein the second network access is initiated during the first network access.
 110. The system of claim 107, wherein the second network access is initiated after the first network access has ended.
 111. The system of claim 107, wherein the program instructions are further executable by the CPU to: suspend the user account in response to the determining the one or more fraud indicators.
 112. The system of claim 107, wherein the program instructions are further executable by the CPU to: de-activate the user account in response to the determining the one or more fraud indicators.
 113. The system of claim 112, wherein the program instructions are further executable by the CPU to: verify an owner identification associated with the de-activated user account; and re-activate the de-activated user account in response to verification of the owner identification.
 114. The system of claim 113, wherein re-activation of the de-activated user account is performed by the network provider.
 115. The system of claim 113, wherein re-activation of the de-activated user account is performed by a roaming partner.
 116. The system of claim 113, wherein the program instructions are further executable by the CPU to: assign a new identification to the re-activated user account.
 117. The system of claim 107, wherein the second set of identification data is received from a broadcast.
 118. The system of claim 107, wherein the second set of identification data is received from a multicast.
 119. A system for determining fraud in accessing a network, the system comprising: a CPU coupled to a network; a memory coupled to the CPU, wherein the memory stores program instructions which are executable by the CPU to: store a first set of identification data associated with a first network access with a network provider, wherein the first set of identification data comprises a first geographical location and a computing device identification; store a second set of identification data associated with a second network access with the network provider, wherein the second set of identification data comprises a second geographical location and the computing device identification; determine one or more fraud indicators in the first set of identification data and the second set of identification data, wherein the one or more fraud indicators comprise a use of the computing device identification at both the first geographical location and the second geographical location; and revoke the first network access and/or the second network access in response to the determining the one or more fraud indicators.
 120. The system of claim 119, wherein the second network access is initiated during the first network access.
 121. The system of claim 119, wherein the second network access is initiated after the first network access has ended.
 122. The system of claim 119, wherein the program instructions are further executable by the CPU to: suspend a user account in response to the determining the one or more fraud indicators.
 123. The system of claim 119, wherein the program instructions are further executable by the CPU to: de-activate a user account in response to the determining the one or more fraud indicators.
 124. The system of claim 123, wherein the program instructions are further executable by the CPU to: verify an owner identification associated with the de-activated user account; and re-activate the de-activated user account in response to verification of the owner identification.
 125. The system of claim 124, wherein re-activation of the de-activated user account is performed by the network provider.
 126. The system of claim 124, wherein re-activation of the de-activated user account is performed by a roaming partner.
 127. The system of claim 124, wherein the program instructions are further executable by the CPU to: assign a new identification to the re-activated user account.
 128. The system of claim 119, wherein the second set of identification data is received from a broadcast.
 129. The system of claim 119, wherein the second set of identification data is received from a multicast.
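
The following is an added illustration, not part of the patent text or any implementation by its authors: a minimal Python sketch of the checks recited in claims 95, 107 and 119, restricted to the case of claims 109 and 120 in which the second access is initiated during the first. The record fields, indicator names, threshold value and sample records are all assumptions constructed for the example.

```python
from dataclasses import dataclass
from itertools import combinations

@dataclass(frozen=True)
class Access:
    username: str
    device_id: str      # computing device identification, e.g. a MAC address
    location: str       # geographical location of the access point
    start: int          # session start, seconds
    end: int            # session end, seconds
    auth_failures: int = 0

def concurrent(a, b):
    # True when one access was initiated while the other was still active.
    return a.start < b.end and b.start < a.end

def fraud_indicators(accesses, max_auth_failures=3):
    found, failures = set(), {}
    for a, b in combinations(accesses, 2):
        if not concurrent(a, b):
            continue
        # Claims 107/109: one user account, two different device identifications.
        if a.username == b.username and a.device_id != b.device_id:
            found.add(("account_on_multiple_devices", a.username))
        # Claims 119/120: one device identification, two geographical locations.
        if a.device_id == b.device_id and a.location != b.location:
            found.add(("device_at_multiple_locations", a.device_id))
    # Claim 95: failures above the provider's threshold (3 is a constructed default).
    for a in accesses:
        failures[a.username] = failures.get(a.username, 0) + a.auth_failures
    found |= {("auth_failure_threshold", u) for u, n in failures.items()
              if n > max_auth_failures}
    return sorted(found)

def accounts_to_revoke(accesses, indicators):
    # Accounts tied to a flagged username or a flagged device identification.
    keys = {key for _, key in indicators}
    return sorted({a.username for a in accesses if {a.username, a.device_id} & keys})

# Constructed sample records, not data from the patent.
SAMPLE = [
    Access("alice", "dev-A", "ORD", 0, 3600),
    Access("alice", "dev-B", "ORD", 1800, 5400),
    Access("bob", "dev-C", "SFO", 0, 3600),
    Access("bob", "dev-C", "JFK", 600, 4000),
    Access("carol", "dev-D", "AUS", 0, 900, auth_failures=5),
    Access("dave", "dev-E", "AUS", 0, 100),
    Access("dave", "dev-E", "DFW", 5000, 6000),
]
```

The two "dave" records use one device at two locations but do not overlap in time, so this sketch leaves them unflagged; the sequential case of claims 110 and 121 would need an additional rule, such as a minimum plausible travel time between sites.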